If you believe the results of a survey conducted by InfoSecurity Europe, then women are four times as likely as men to give away their passwords for chocolate. This reveals two things: women prefer chocolate to IT and men, rather predictably, do not.
It also reveals that we, as a whole, are getting much more security savvy. The same survey, carried out last year as part of a social engineering exercise, discovered that 64 percent of folk would give their passwords up for a chocolate bar, whereas this year that figure had dropped to just 21 percent.
Carried out in the street outside a busy London railway station by a bunch of pretty researchers, who also asked people for their date of birth to validate that they had taken part, the survey proved that the security message isn't fully understood just yet. 61 percent happily gave their DoB when asked, without giving it a second thought or considering the identity theft potential of such an action when coupled with the password data also revealed. Most people used only one (31 percent), two (31 percent) or three (16 percent) passwords at work, but some had to use as many as 32. Unfortunately, 43 percent of those asked rarely or never changed their password, just to add to the security risk woes.
"Our researchers also asked for workers' names and telephone numbers so that they could be entered into a draw to go to Paris; with this incentive 60% of men and 62% of women gave us their contact information," said Claire Sellick, Event Director, Infosecurity Europe, who continued: "that promise of a trip could cost you dear, as once a criminal has your date of birth, name and phone number they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud. This research shows that it's pretty simple for a perpetrator to gain access to information that is restricted by having a chat around the coffee machine, getting a temporary job as a PA or pretending to be from the IT department. This type of social engineering technique is often used by hackers targeting a specific organisation with valuable data or assets such as a government department or a bank."